http://www.ISAserver.org -------------------------------------------------------
Daniel,
I think it may be quit easy,
If you have a RRAS server in each remote network which is part of this network; it means that this sevrer has a network card and modem ;; as you said " Dial" in your mail, ... so the ISA server is dial to this modem..
right?
So, simply add a static route on the remote network gateway router , which any packets needs to go to headqaurter subnet will be routed to the RRAS server
then the RRAS server will forwarded it to headqaurter through it's vpn connection...
is it your case?
if it not, tell me please
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: vpn demand dial gw-to-gw routing problem
Date: Mon, 26 Jun 2006 09:22:57 -0500
>http://www.ISAserver.org
>-------------------------------------------------------
>
>Hi Daniel,
>
>No need to make host routes if the ISA firewall is the gateway for the
>clients to all remote networks.
>
>Thomas W Shinder, M.D.
>Site: www.isaserver.org
>Blog: http://blogs.isaserver.org/shinder/
>Book: http://tinyurl.com/3xqb7
>MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Daniel
> > Sent: Monday, June 26, 2006 9:13 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: vpn demand dial gw-to-gw routing problem
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Please!
> >
> > Nobody has this same problem with vpn routing?
> > My routing plan is correct, seems that the MS RRAS server is
> > rejecting packets routed trough a non-ms gateway,
> > I need create route entries in each host on the remote vpn
> > subnet to comunicate trough vpn. Do that have no
> > sens, the route entry should reside on the LAN gateway who
> > should redirect vpn packet trough the MS-RRAS with
> > the dd-vpn iface.
> >
> >
> > thanks.
> > daniel
> > ----- Original Message -----
> > From: "Daniel" <daniel@xxxxxxxxxxxxxxxx>
> > To: "ISAServerList" <isalist@xxxxxxxxxxxxx>
> > Sent: Saturday, June 24, 2006 1:56 AM
> > Subject: [isalist] vpn demand dial gw-to-gw routing problem
> >
> >
> > > -------------------------------------------------------
> > >
> > > Hi have the same routing problem with all my vpns (I'm
> > using PPTP vpns), seems be a MS RRAS specific
> > problem.
> > >
> > > I have 5 dd persistent vpns on My headquarter isa server
> > 2000/w2k, who dials to remote w2k-RRAS servers on
> > > partners networks. To route between the vpn subnets I have
> > static routes trough the correspondent vpn dd
> > iface
> > > in each RRAS and on my headquarter ISA/RRAS snap-in.
> > >
> > > In headquarter my ISA is the default gateway, but on the
> > remote networks the LAN default gateway is generaly
> > a
> > > cisco router or other router, not the w2k-RRAS with the vpn
> > dd iface. To have a correct routing plan I need
> > > only create a route on this non-MS gateways to my
> > headquarter vpn subnet trough the w2k-RRAS LAN iface (who
> > > have the dd vpn iface), but the routing don't work.
> > >
> > > To solve the problem I need to create a local route entry
> > (the same route I have on the LAN non-MS default
> > > gateway) on each windows station on the remote LAN, so I
> > have access to this machine trough vpn, this prove
> > > that the routing plan is correct.
> > >
> > > The problem seems be that default remote LAN gateway is a
> > non-MS box, but in TCP/IP routing concepts this
> > have
> > > no sens. Seems that packets routed trough a non-MS box are
> > rejected by the w2K-RRAS server (who have the dd
> > > vpn iface) if they are destinated to the vpn.
> > >
> > > Someone can help me?
> > >
> > > thanks,
> > >
> > > Daniel
> >
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
>------------------------------------------------------
>List Archives: //www.freelists.org/archives/isalist/
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
>ISA Server Blogs: http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>Report abuse to listadmin@xxxxxxxxxxxxx
>
